- 创建文件 /etc/systemd/system/cockpit.service.d/ssl.conf 包含:
[Service] Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
- 重新加载 systemd 守护进程:
# systemctl daemon-reload
- 重启Cockpit 服务:
# systemctl restart cockpit
- 检查协议 tls1_1:
# echo test | openssl s_client -connect localhost:9090 -tls1_1 CONNECTED(00000003) 139687924594576:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365: -- no peer certificate available -- No client certificate CA names sent -- SSL handshake has read 5 bytes and written 7 bytes -- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported ==> Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.1 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1595495230 Timeout : 7200 (sec) Verify return code: 0 (ok)
- 检查协议 tls1_2:
# echo test | openssl s_client -connect localhost:9090 -tls1_2 ...No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits -- SSL handshake has read 1326 bytes and written 415 bytes -- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported --> Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 3B54CEBA5BA27F851E55409A491540E7A0B6BCB7657B9036D67BB6E82B5F55B5 Session-ID-ctx: Master-Key: 5AC8E8F409895C2020C87F4598DCF09465661431DAE03FDDEC0EC69FE7F8320FE14B79BA2D6A902A745AE00E265462D0 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1595495263 Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) -- DONE
日期:2020-09-17 00:13:32 来源:oir作者:oir